Contact Form 7 Submission Summary & PDF Print Security & Risk Analysis

wordpress.org/plugins/cf7-summary-and-print

Show a printable summary of Contact Form 7 submissions. Let users review and print their form data instantly. Upgrade to Pro for PDF export and brandi …

300 active installs · v1.3.1 · PHP 7.4+ · WP 4.5+ · Updated Jun 14, 2025
Tags: cf7-view-summary, contact-form-print, form-summary, pdf-print
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jul 11, 2024
Safety Verdict

Is Contact Form 7 Submission Summary & PDF Print Safe to Use in 2026?

Generally Safe

Score 99/100

Contact Form 7 Submission Summary & PDF Print has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 11, 2024 · Updated 9mo ago
Risk Assessment

The 'cf7-summary-and-print' plugin version 1.3.1 exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and performing a reasonable percentage of output escaping (79%), significant concerns arise from its attack surface. The presence of one AJAX handler without authentication checks presents a direct entry point for potential exploitation, which is a critical weakness. The plugin also includes bundled libraries like Select2 and Freemius v1.0, which, depending on their specific versions and any known vulnerabilities, could introduce further risks.

The vulnerability history shows one previously disclosed medium-severity CVE, specifically a Cross-Site Request Forgery (CSRF). Although currently patched, the existence of past vulnerabilities, particularly those involving CSRF, suggests potential areas for improvement in input validation and nonce implementation across all entry points. The taint analysis shows no critical or high-severity issues, which is a positive sign, but this might be an artifact of the limited scope of the analysis or the nature of the plugin's functionality.

In conclusion, while the plugin has some strengths, the unprotected AJAX handler is a notable security flaw that requires immediate attention. The past CSRF vulnerability also warrants a review of overall security hygiene. The limited attack surface in other areas is commendable, but the single unprotected entry point significantly lowers the overall security posture and necessitates mitigation.

Key Concerns

  • Unprotected AJAX handler
  • Past medium severity CVE (CSRF)
  • Bundled library (Freemius v1.0)
Vulnerabilities
1

Contact Form 7 Submission Summary & PDF Print Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-38724 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Contact Form 7 Summary and Print <= 1.2.5 - Cross-Site Request Forgery

Jul 11, 2024 · Patched in 1.2.6 (138d)
Code Analysis
Analyzed Mar 16, 2026

Contact Form 7 Submission Summary & PDF Print Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (11 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Select2, Freemius 1.0

Output Escaping

79% escaped · 14 total outputs
Attack Surface
1 unprotected

Contact Form 7 Submission Summary & PDF Print Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_cf7_hide_summary_notice · includes\admin\class-cf7-sp-settings.php:33

WordPress Hooks: 8

filter · wpcf7_default_template · includes\admin\class-cf7-sp-settings.php:28
filter · wpcf7_contact_form_properties · includes\admin\class-cf7-sp-settings.php:29
filter · wpcf7_save_contact_form · includes\admin\class-cf7-sp-settings.php:30
filter · admin_enqueue_scripts · includes\admin\class-cf7-sp-settings.php:31
action · admin_menu · includes\admin\class-cf7-sp-settings.php:32
action · cf7sp_before_settings_loaded · includes\admin\class-cf7-sp-settings.php:34
action · wp_enqueue_scripts · includes\class-cf7-sp-summary-print.php:28
action · admin_notices · includes\class-cf7-sp-summary-print.php:29
Maintenance & Trust

Contact Form 7 Submission Summary & PDF Print Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 14, 2025
PHP min version: 7.4
Downloads: 13K

Community Trust

Rating: 96/100
Number of ratings: 4
Active installs: 300
Alternatives

Contact Form 7 Submission Summary & PDF Print Alternatives

No alternatives data available yet.

Developer Profile

Contact Form 7 Submission Summary & PDF Print Developer Profile

Muhammad Rehman

5 plugins · 2K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 138 days
Detection Fingerprints

How We Detect Contact Form 7 Submission Summary & PDF Print

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cf7-summary-and-print/assets/css/cf7-sp-admin.css
/wp-content/plugins/cf7-summary-and-print/assets/js/cf7-sp-admin.js
Script Paths
/wp-content/plugins/cf7-summary-and-print/assets/js/cf7-sp-admin.js
Version Parameters
cf7-sp-admin.css?ver=
cf7-sp-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
cf7-form-list
Data Attributes
name="cf7-enabled"
name="cf7-enabled-for[]"
name="cf7-summary-title"
name="cf7-summary-msg-enabled"
name="cf7-summary-msg"
name="cf7-summary-btn"
FAQ

Frequently Asked Questions about Contact Form 7 Submission Summary & PDF Print